DB encryption support

This commit is contained in:
Alexey Pustovalov 2020-04-28 17:21:46 +03:00
parent acbd134c44
commit 3f1cd26716
38 changed files with 739 additions and 172 deletions

View File

@ -6,6 +6,12 @@
# ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
# ZBX_HOSTNAMEITEM=system.hostname
# ZBX_SOURCEIP=
# ZBX_DBTLSCONNECT=require # Available since 5.0.0
# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0
# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0
# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DBTLSCIPHER= # Available since 5.0.0
# ZBX_DBTLSCIPHER13= # Available since 5.0.0
# ZBX_DEBUGLEVEL=3
# ZBX_PROXYLOCALBUFFER=0
# ZBX_PROXYOFFLINEBUFFER=1

View File

@ -1,6 +1,12 @@
# ZBX_LISTENIP=
# ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5
# ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.5
# ZBX_DBTLSCONNECT=require # Available since 5.0.0
# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0
# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0
# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DBTLSCIPHER= # Available since 5.0.0
# ZBX_DBTLSCIPHER13= # Available since 5.0.0
# ZBX_DEBUGLEVEL=3
# ZBX_STARTPOLLERS=5
# ZBX_IPMIPOLLERS=0

View File

@ -1,6 +1,12 @@
# ZBX_SERVER_HOST=zabbix-server
# ZBX_SERVER_PORT=10051
ZBX_SERVER_NAME=Composed installation
# ZBX_DB_ENCRYPTION=true # Available since 5.0.0
# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0
# ZBX_DB_CA_FILE=/run/secrets/pgsql-ca.pem # Available since 5.0.0
# ZBX_DB_VERIFY_HOST=false # Available since 5.0.0
# ZBX_DB_CIPHER_LIST= # Available since 5.0.0
# ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5
# ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5
# ZBX_MAXEXECUTIONTIME=600

View File

@ -38,6 +38,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -152,6 +155,13 @@ services:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -179,6 +189,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -193,6 +204,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -232,6 +246,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -246,6 +261,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -366,7 +384,15 @@ services:
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -375,6 +401,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -424,3 +453,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -42,6 +42,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -164,6 +167,13 @@ services:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -195,6 +205,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -209,6 +220,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -252,6 +266,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -266,6 +281,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -398,7 +416,15 @@ services:
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -407,6 +433,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -456,3 +485,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -15,6 +15,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -182,6 +185,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -235,6 +242,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -388,8 +399,12 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:

View File

@ -19,6 +19,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -182,7 +185,6 @@ services:
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-web-apache-pgsql:
build:
context: ./web-apache-pgsql/alpine
@ -199,6 +201,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -256,6 +262,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -421,8 +431,12 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:

View File

@ -38,6 +38,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -152,6 +155,13 @@ services:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -179,6 +189,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -193,6 +204,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -232,6 +246,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -246,6 +261,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -366,7 +384,15 @@ services:
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -375,6 +401,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -424,3 +453,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -42,6 +42,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -164,6 +167,13 @@ services:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -183,7 +193,7 @@ services:
build:
context: ./web-apache-mysql/centos
cache_from:
- centos:centos7
- centos:centos8
image: zabbix-web-apache-mysql:centos-local
ports:
- "80:8080"
@ -195,6 +205,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -209,6 +220,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -240,7 +254,7 @@ services:
build:
context: ./web-nginx-mysql/centos
cache_from:
- centos:centos7
- centos:centos8
image: zabbix-web-nginx-mysql:centos-local
ports:
- "8081:8080"
@ -252,6 +266,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -266,6 +281,9 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
@ -398,7 +416,15 @@ services:
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -407,6 +433,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -456,3 +485,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -15,6 +15,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -182,6 +185,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -235,6 +242,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -388,8 +399,12 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:

View File

@ -1,7 +1,10 @@
version: '3.5'
services:
zabbix-server:
build: ./server-pgsql/centos
build:
context: ./server-pgsql/centos
cache_from:
- centos:centos7
image: zabbix-server-pgsql:centos-local
ports:
- "10051:10051"
@ -16,6 +19,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -66,7 +72,10 @@ services:
com.zabbix.os: "centos"
zabbix-proxy-sqlite3:
build: ./proxy-sqlite3/centos
build:
context: ./proxy-sqlite3/centos
cache_from:
- centos:centos7
image: zabbix-proxy-sqlite3:centos-local
ports:
- "10061:10051"
@ -117,7 +126,10 @@ services:
com.zabbix.os: "centos"
zabbix-proxy-mysql:
build: ./proxy-mysql/centos
build:
context: ./proxy-mysql/centos
cache_from:
- centos:centos7
image: zabbix-proxy-mysql:centos-local
ports:
- "10071:10051"
@ -173,9 +185,11 @@ services:
com.zabbix.dbtype: "mysql"
com.zabbix.os: "centos"
zabbix-web-apache-pgsql:
build: ./web-apache-pgsql/centos
build:
context: ./web-apache-pgsql/centos
cache_from:
- centos:centos8
image: zabbix-web-apache-pgsql:centos-local
ports:
- "80:8080"
@ -187,6 +201,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -229,7 +247,10 @@ services:
com.zabbix.os: "centos"
zabbix-web-nginx-pgsql:
build: ./web-nginx-pgsql/centos
build:
context: ./web-nginx-pgsql/centos
cache_from:
- centos:centos8
image: zabbix-web-nginx-pgsql:centos-local
ports:
- "8081:8080"
@ -241,6 +262,10 @@ services:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -283,7 +308,10 @@ services:
com.zabbix.os: "centos"
zabbix-agent:
build: ./agent/centos
build:
context: ./agent/centos
cache_from:
- centos:centos7
image: zabbix-agent:centos-local
ports:
- "10050:10050"
@ -323,7 +351,10 @@ services:
com.zabbix.os: "centos"
zabbix-java-gateway:
build: ./java-gateway/centos
build:
context: ./java-gateway/centos
cache_from:
- centos:centos7
image: zabbix-java-gateway:centos-local
ports:
- "10052:10052"
@ -400,8 +431,12 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:

View File

@ -6,6 +6,7 @@ services:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
@ -37,7 +38,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -60,7 +63,7 @@ services:
- net.ipv4.conf.all.send_redirects=0
labels:
com.zabbix.description: "Zabbix server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-server"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "ubuntu"
@ -71,6 +74,7 @@ services:
- "10061:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -96,7 +100,6 @@ services:
env_file:
- .env_prx
- .env_prx_sqlite3
user: root
depends_on:
- zabbix-java-gateway
- zabbix-snmptraps
@ -110,7 +113,7 @@ services:
stop_grace_period: 30s
labels:
com.zabbix.description: "Zabbix proxy with SQLite3 database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-proxy"
com.zabbix.dbtype: "sqlite3"
com.zabbix.os: "ubuntu"
@ -121,6 +124,7 @@ services:
- "10071:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -147,11 +151,17 @@ services:
- .env_db_mysql_proxy
- .env_prx
- .env_prx_mysql
user: root
depends_on:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -162,7 +172,7 @@ services:
stop_grace_period: 30s
labels:
com.zabbix.description: "Zabbix proxy with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-proxy"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "ubuntu"
@ -170,14 +180,16 @@ services:
zabbix-web-apache-mysql:
image: zabbix/zabbix-web-apache-mysql:ubuntu-trunk
ports:
- "80:80"
- "443:443"
- "80:8080"
- "443:8443"
links:
- mysql-server:mysql-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -192,12 +204,14 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -214,7 +228,7 @@ services:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "apache2"
com.zabbix.dbtype: "mysql"
@ -223,14 +237,16 @@ services:
zabbix-web-nginx-mysql:
image: zabbix/zabbix-web-nginx-mysql:ubuntu-trunk
ports:
- "8081:80"
- "8443:443"
- "8081:8080"
- "8443:8443"
links:
- mysql-server:mysql-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -245,12 +261,14 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -267,7 +285,7 @@ services:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "nginx"
com.zabbix.dbtype: "mysql"
@ -279,6 +297,7 @@ services:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -296,7 +315,6 @@ services:
mode: global
env_file:
- .env_agent
user: root
privileged: true
pid: "host"
networks:
@ -308,7 +326,7 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix agent"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-agentd"
com.zabbix.os: "ubuntu"
@ -326,7 +344,6 @@ services:
memory: 256M
env_file:
- .env_java
user: root
networks:
zbx_net_backend:
aliases:
@ -335,14 +352,14 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix Java Gateway"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "java-gateway"
com.zabbix.os: "ubuntu"
zabbix-snmptraps:
image: zabbix/zabbix-snmptraps:ubuntu-trunk
ports:
- "162:162/udp"
- "162:1162/udp"
volumes:
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw
deploy:
@ -353,7 +370,6 @@ services:
reservations:
cpus: '0.25'
memory: 128M
user: root
networks:
zbx_net_frontend:
aliases:
@ -362,13 +378,21 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix snmptraps"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "snmptraps"
com.zabbix.os: "ubuntu"
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -377,7 +401,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -427,3 +453,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -10,6 +10,7 @@ services:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
@ -41,7 +42,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
@ -64,7 +67,7 @@ services:
- net.ipv4.conf.all.send_redirects=0
labels:
com.zabbix.description: "Zabbix server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-server"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "ubuntu"
@ -79,6 +82,7 @@ services:
- "10061:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -104,7 +108,6 @@ services:
env_file:
- .env_prx
- .env_prx_sqlite3
user: root
depends_on:
- zabbix-java-gateway
- zabbix-snmptraps
@ -118,7 +121,7 @@ services:
stop_grace_period: 30s
labels:
com.zabbix.description: "Zabbix proxy with SQLite3 database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-proxy"
com.zabbix.dbtype: "sqlite3"
com.zabbix.os: "ubuntu"
@ -133,6 +136,7 @@ services:
- "10071:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -159,11 +163,17 @@ services:
- .env_db_mysql_proxy
- .env_prx
- .env_prx_mysql
user: root
depends_on:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
networks:
zbx_net_backend:
aliases:
@ -174,7 +184,7 @@ services:
stop_grace_period: 30s
labels:
com.zabbix.description: "Zabbix proxy with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-proxy"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "ubuntu"
@ -186,14 +196,16 @@ services:
- ubuntu:bionic
image: zabbix-web-apache-mysql:ubuntu-local
ports:
- "80:80"
- "443:443"
- "80:8080"
- "443:8443"
links:
- mysql-server:mysql-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -208,12 +220,14 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -230,7 +244,7 @@ services:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "apache2"
com.zabbix.dbtype: "mysql"
@ -243,14 +257,16 @@ services:
- ubuntu:bionic
image: zabbix-web-nginx-mysql:ubuntu-local
ports:
- "8081:80"
- "8443:443"
- "8081:8080"
- "8443:8443"
links:
- mysql-server:mysql-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
deploy:
resources:
limits:
@ -265,12 +281,14 @@ services:
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
user: root
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -287,7 +305,7 @@ services:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "nginx"
com.zabbix.dbtype: "mysql"
@ -303,6 +321,7 @@ services:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -320,7 +339,6 @@ services:
mode: global
env_file:
- .env_agent
user: root
privileged: true
pid: "host"
networks:
@ -332,7 +350,7 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix agent"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-agentd"
com.zabbix.os: "ubuntu"
@ -354,7 +372,6 @@ services:
memory: 256M
env_file:
- .env_java
user: root
networks:
zbx_net_backend:
aliases:
@ -363,7 +380,7 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix Java Gateway"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "java-gateway"
com.zabbix.os: "ubuntu"
@ -374,7 +391,7 @@ services:
- ubuntu:bionic
image: zabbix-snmptraps:ubuntu-local
ports:
- "162:162/udp"
- "162:1162/udp"
volumes:
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw
deploy:
@ -385,7 +402,6 @@ services:
reservations:
cpus: '0.25'
memory: 128M
user: root
networks:
zbx_net_frontend:
aliases:
@ -394,13 +410,21 @@ services:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix snmptraps"
com.zabbix.company: "Zabbix SIA"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "snmptraps"
com.zabbix.os: "ubuntu"
mysql-server:
image: mysql:8.0
command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password]
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
@ -409,7 +433,9 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
- mysql-server-key.pem
- mysql-server-cert.pem
- mysql-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -459,3 +485,13 @@ secrets:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE

View File

@ -6,6 +6,7 @@ services:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
@ -14,6 +15,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -36,7 +40,6 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-java-gateway
@ -70,6 +73,7 @@ services:
- "10061:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -95,7 +99,6 @@ services:
env_file:
- .env_prx
- .env_prx_sqlite3
user: root
depends_on:
- zabbix-java-gateway
- zabbix-snmptraps
@ -120,6 +123,7 @@ services:
- "10071:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -150,7 +154,6 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
depends_on:
- mysql-server
- zabbix-java-gateway
@ -173,14 +176,19 @@ services:
zabbix-web-apache-pgsql:
image: zabbix/zabbix-web-apache-pgsql:ubuntu-trunk
ports:
- "80:80"
- "443:443"
- "80:8080"
- "443:8443"
links:
- postgres-server:postgres-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -195,12 +203,11 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -226,14 +233,19 @@ services:
zabbix-web-nginx-pgsql:
image: zabbix/zabbix-web-nginx-pgsql:ubuntu-trunk
ports:
- "8081:80"
- "8443:443"
- "8081:8080"
- "8443:8443"
links:
- postgres-server:postgres-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -248,12 +260,11 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -282,6 +293,7 @@ services:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -299,7 +311,6 @@ services:
mode: global
env_file:
- .env_agent
user: root
privileged: true
pid: "host"
networks:
@ -329,7 +340,6 @@ services:
memory: 256M
env_file:
- .env_java
user: root
networks:
zbx_net_backend:
aliases:
@ -345,7 +355,7 @@ services:
zabbix-snmptraps:
image: zabbix/zabbix-snmptraps:ubuntu-trunk
ports:
- "162:162/udp"
- "162:1162/udp"
volumes:
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw
deploy:
@ -356,7 +366,6 @@ services:
reservations:
cpus: '0.25'
memory: 128M
user: root
networks:
zbx_net_frontend:
aliases:
@ -380,7 +389,6 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -391,14 +399,17 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
stop_grace_period: 1m
networks:
zbx_net_backend:

View File

@ -1,12 +1,16 @@
version: '3.5'
services:
zabbix-server:
build: ./server-pgsql/ubuntu
build:
context: ./server-pgsql/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-server-pgsql:ubuntu-local
ports:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
@ -15,6 +19,9 @@ services:
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
links:
- postgres-server:postgres-server
- zabbix-java-gateway:zabbix-java-gateway
@ -37,7 +44,6 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-java-gateway
@ -66,12 +72,16 @@ services:
com.zabbix.os: "ubuntu"
zabbix-proxy-sqlite3:
build: ./proxy-sqlite3/ubuntu
build:
context: ./proxy-sqlite3/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-proxy-sqlite3:ubuntu-local
ports:
- "10061:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -97,7 +107,6 @@ services:
env_file:
- .env_prx
- .env_prx_sqlite3
user: root
depends_on:
- zabbix-java-gateway
- zabbix-snmptraps
@ -117,12 +126,16 @@ services:
com.zabbix.os: "ubuntu"
zabbix-proxy-mysql:
build: ./proxy-mysql/ubuntu
build:
context: ./proxy-mysql/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-proxy-mysql:ubuntu-local
ports:
- "10071:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -153,7 +166,6 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
depends_on:
- mysql-server
- zabbix-java-gateway
@ -173,19 +185,26 @@ services:
com.zabbix.dbtype: "mysql"
com.zabbix.os: "ubuntu"
zabbix-web-apache-pgsql:
build: ./web-apache-pgsql/ubuntu
build:
context: ./web-apache-pgsql/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-web-apache-pgsql:ubuntu-local
ports:
- "80:80"
- "443:443"
- "80:8080"
- "443:8443"
links:
- postgres-server:postgres-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -200,12 +219,11 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -229,17 +247,25 @@ services:
com.zabbix.os: "ubuntu"
zabbix-web-nginx-pgsql:
build: ./web-nginx-pgsql/ubuntu
build:
context: ./web-nginx-pgsql/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-web-nginx-pgsql:ubuntu-local
ports:
- "8081:80"
- "8443:443"
- "8081:8080"
- "8443:8443"
links:
- postgres-server:postgres-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
deploy:
resources:
limits:
@ -254,12 +280,11 @@ services:
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
depends_on:
- postgres-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
@ -283,12 +308,16 @@ services:
com.zabbix.os: "ubuntu"
zabbix-agent:
build: ./agent/ubuntu
build:
context: ./agent/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-agent:ubuntu-local
ports:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
@ -306,7 +335,6 @@ services:
mode: global
env_file:
- .env_agent
user: root
privileged: true
pid: "host"
networks:
@ -323,7 +351,10 @@ services:
com.zabbix.os: "ubuntu"
zabbix-java-gateway:
build: ./java-gateway/ubuntu
build:
context: ./java-gateway/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-java-gateway:ubuntu-local
ports:
- "10052:10052"
@ -337,7 +368,6 @@ services:
memory: 256M
env_file:
- .env_java
user: root
networks:
zbx_net_backend:
aliases:
@ -351,10 +381,13 @@ services:
com.zabbix.os: "ubuntu"
zabbix-snmptraps:
build: ./snmptraps/ubuntu
build:
context: ./snmptraps/ubuntu
cache_from:
- ubuntu:bionic
image: zabbix-snmptraps:ubuntu-local
ports:
- "162:162/udp"
- "162:1162/udp"
volumes:
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw
deploy:
@ -365,7 +398,6 @@ services:
reservations:
cpus: '0.25'
memory: 128M
user: root
networks:
zbx_net_frontend:
aliases:
@ -389,7 +421,6 @@ services:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
user: root
stop_grace_period: 1m
networks:
zbx_net_backend:
@ -400,14 +431,17 @@ services:
postgres-server:
image: postgres:latest
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
volumes:
- ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
env_file:
- .env_db_pgsql
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
user: root
stop_grace_period: 1m
networks:
zbx_net_backend:

View File

@ -188,8 +188,12 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -199,8 +203,12 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query")
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
echo $result
}
@ -245,9 +253,13 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
fi
}
@ -278,6 +290,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"

View File

@ -188,8 +188,12 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -199,8 +203,12 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query")
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
echo $result
}
@ -245,9 +253,13 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
fi
}
@ -278,6 +290,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"

View File

@ -183,8 +183,12 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -194,8 +198,12 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query")
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
echo $result
}
@ -240,9 +248,13 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
fi
}
@ -262,6 +274,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"

View File

@ -183,8 +183,12 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -194,8 +198,12 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query")
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
echo $result
}
@ -240,9 +248,13 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
fi
}
@ -262,6 +274,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"

View File

@ -183,7 +183,12 @@ check_db_connect_postgresql() {
export PGOPTIONS
fi
while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -207,7 +212,12 @@ psql_query() {
export PGOPTIONS
fi
result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
result=$(psql -A -q -t "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null);
unset PGPASSWORD
@ -268,12 +278,17 @@ create_db_schema_postgresql() {
export PGOPTIONS
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql -q \
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" -q \
-h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null
if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql -q \
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" -q \
-h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null
fi
@ -301,6 +316,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"

View File

@ -183,7 +183,12 @@ check_db_connect_postgresql() {
export PGOPTIONS
fi
while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -207,7 +212,12 @@ psql_query() {
export PGOPTIONS
fi
result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
result=$(psql "$ssl_opts" -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null);
unset PGPASSWORD
@ -268,12 +278,17 @@ create_db_schema_postgresql() {
export PGOPTIONS
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql -q \
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" -q \
-h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null
if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql -q \
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" -q \
-h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \
-U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null
fi
@ -301,6 +316,15 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"

View File

@ -80,9 +80,9 @@ RUN set -eux && \
rm -rf tests && \
./locale/make_mo.sh && \
ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \
chgrp -R 0 /etc/apache2/ /etc/php7/ && \
chmod -R g=u /etc/apache2/ /etc/php7/ && \
@ -94,7 +94,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/apache2"]
VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules/"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -178,8 +178,12 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -236,6 +240,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -79,9 +79,9 @@ RUN set -eux && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -98,7 +98,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/apache2"]
VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -178,8 +178,12 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -236,6 +240,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -98,7 +98,7 @@ EXPOSE 80/TCP 443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/apache2"]
VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"]
COPY ["conf/etc/zabbix/apache.conf", "/etc/zabbix/"]
COPY ["conf/etc/zabbix/apache_ssl.conf", "/etc/zabbix/"]

View File

@ -79,9 +79,9 @@ RUN set -eux && \
rm -rf tests && \
./locale/make_mo.sh && \
ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \
chgrp -R 0 /etc/apache2/ /etc/php7/ && \
chmod -R g=u /etc/apache2/ /etc/php7/ && \
@ -93,7 +93,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/apache2"]
VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -226,6 +226,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -79,9 +79,9 @@ RUN set -eux && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -98,7 +98,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/apache2"]
VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -177,7 +177,12 @@ check_db_connect() {
export PGOPTIONS
fi
while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
fi
while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -233,6 +238,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -73,9 +73,9 @@ RUN set -eux && \
rm -rf tests && \
./locale/make_mo.sh && \
ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
@ -90,7 +90,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/nginx"]
VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -197,8 +197,12 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -259,6 +263,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -71,9 +71,9 @@ RUN set -eux && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/nginx"]
VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -197,8 +197,12 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
@ -259,6 +263,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
@ -269,6 +277,12 @@ prepare_zbx_web_config() {
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"

View File

@ -72,9 +72,9 @@ RUN set -eux && \
rm -rf tests && \
./locale/make_mo.sh && \
ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/nginx"]
VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -259,6 +259,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

View File

@ -71,9 +71,9 @@ RUN set -eux && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \
chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
VOLUME ["/etc/ssl/nginx"]
VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -265,6 +265,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
@ -275,6 +279,12 @@ prepare_zbx_web_config() {
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"